NETGEAR R7000 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length value is trusted during a backup.cgi file upload. The attacker must add a n before the Content-Length header.

CWE: CWE-787 CWE-20

CVSS 2: HIGH – 8.3 (Version: 2.0)
CVSS 3: HIGH – 8.8 (Version: 3.1)


NVD – CVE-2021-31802
CVE – CVE-2021-31802

Link (max. 20) Quelle Tags MISC Exploit Third Party Advisory Third Party Advisory MISC Vendor Advisory Patch Third Party Advisory Vendor Advisory MISC Exploit Patch Third Party Advisory
FEDORA-2021-10d7331a31 FEDORA Third Party Advisory
FEDORA-2021-2d860da728 FEDORA
FEDORA-2021-96a5dabcfa FEDORA

Quelle: NVD – CVE-2021-31802
Datum Veröffentlichung: 2021-04-26T13:15Z, Datum letzte Änderung: 2021-05-06T20:38Z